Building Networks for People Unified Services Router User Manual DSR-150 / 150N / 250 / 250N / 500 / 500N / 1000 / 1000N Ver. 1.
User Manual Unified Services Router D-Link Corporation Copyright © 2012. http://www.dlink.
Unified Services Router User Manual User Manual DSR-150 / 150N /250 / 250N / DSR-500 / 500N / 1000 / 1000N Unified Services Router Version 1.05 Copyright © 2012 Copyright Notice This publication, including all photographs, illustrations and software, is protected under international copyright laws, with all rights reserved. N either this manual, nor any of the material contained herein, may be reproduced without written consent of the author.
Unified Services Router User Manual Table of Contents Chapter 1. Introduction ........................................................................................................................... 11 1.1 About this User Manual .......................................................................................... 12 1.2 Typographical Conventions ................................................................................... 12 Chapter 2. Configuring Your Network: LAN Setup ....................
Unified Services Router User Manual Chapter 4. Wireless Access Point Setup ............................................................................................. 68 4.1 Wireless Settings Wizard ....................................................................................... 68 4.1.1 Wireless Network Setup Wizard ........................................................................... 69 4.1.2 Add Wireless Device with WPS ....................................................................
Unified Services Router User Manual Chapter 7. SSL VPN ............................................................................................................................. 129 7.1 Groups and Users ................................................................................................. 131 7.1.1 Users and Passwords .......................................................................................... 137 7.2 Using SSL VPN Policies ......................................................
Unified Services Router User Manual 10.3.2 Wireless Clients..................................................................................................... 187 10.3.3 LAN Clients ............................................................................................................ 187 10.3.4 Active VPN Tunnels .............................................................................................. 188 Chapter 11. Trouble Shooting ...........................................................
Unified Services Router User Manual List of Figures Figure 1: Setup page for LAN TCP/IP settings ...................................................................................... 15 Figure 2: LAN DHCP Reserved IPs ......................................................................................................... 17 Figure 3: LAN DHCP Leased Clients ......................................................................................................
Unified Services Router User Manual Figure 33: OSPFv2 configured parameters ............................................................................................ 59 Figure 34: OSPFv2 configuration ............................................................................................................. 60 Figure 35: OSPFv3 configured parameters ............................................................................................ 61 Figure 36: OSPFv3 configuration .........................
Unified Services Router User Manual Figure 65: Two trusted domains added to the Approved URLs List ................................................. 104 Figure 66: One keyword added to the block list ................................................................................... 105 Figure 67: Export Approved URL list .....................................................................................................
Unified Services Router User Manual Figure 98: Configured client routes only apply in split tunnel mode ................................................. 146 Figure 99: List of configured SSL VPN portals. The configured portal can then be associated with an authentication domain ...................................................................................................... 147 Figure 100: SSL VPN Portal configuration ..................................................................................
Unified Services Router User Manual Figure 132: AP specific statistics............................................................................................................ 185 Figure 133: List of current Active Firewall Sessions............................................................................ 186 Figure 134: List of connected 802.11 clients per AP ........................................................................... 187 Figure 135: List of LAN hosts ................................
Unified Services Router User Manual Chapter 1. Introduction D-Link Unified Services Routers offer a secure, high performance networking solution to address the growing needs of small and medium businesses. Integrated high -speed IEEE 802.11n and 3G wireless technologies offer compara ble performance to traditional wired networks, but with fewer limitations.
Unified Services Router User Manual central corporate database. Site-to-site VPN tunnels use IP Security (IPsec) Protocol, Point-to-Point Tunneling Protocol (PPTP), or Layer 2 Tunneling Protocol (L2TP) to facilitate branch office connect ivity through encrypted virtual links. The DSR-150/150N, DSR-250/250N, DSR-500/500N and DSR1000/1000N support 10, 25, 35 and 75 simultaneous IPSec VPN tunnels respectively.
Chapter 2. Configuring Your Network: LAN Setup It is assumed that the user has a machine for management connected to the LAN to the router. The LAN connection may be through the wired Ethernet ports available on the router, or once the initial setup is complete, the DSR may also be managed through its wireless interface as it is bridged with the LAN.
Unified Services Router User Manual To configure LAN Connectivity, please follow the steps below: 1. In the LAN Setup page, enter the following information for your router: IP address (factory default: 192.168.10.1). If you change the IP address and click Save Settings, the GUI will not respond. Open a new connection to the new IP address and log in again.
Unified Services Router User Manual Lease Time: Enter the time, in hours, for which IP addresses are leased to clients. Relay Gateway: Enter the gateway address. This is the only configuration parameter required in this section when DHCP Relay is selected as its DHCP mode 3. In the DNS Host Name Mapping section: Host Name: Provide a valid host name IP address: Provide the IP address of the host name, 4.
Unified Services Router User Manual 2.1.1 LAN DHCP Reserved IPs Setup > Network Settings > LAN DHCP Reserved IPs This router DHCP server can assign TCP/IP configurations to computers in the LAN explicitly by adding client's network interface hardware address and the IP address to be assigned to that client in DHCP server's database.
Unified Services Router User Manual Figure 2: LAN DHCP Reserved IPs 2.1.2 LAN DHCP Leased Clients Setup > Network Settings > LAN DHCP Leased Clients This page provides the list of clients connect to LAN DHCP server.
Unified Services Router User Manual Figure 3: LAN DHCP Leased Clients IP Addresses: The LAN IP address of a host that matches the reserved IP list. MAC Addresses: The MAC address of a LAN host that has a configured IP address reservation. 2.1.3 LAN Configuration in an IPv6 Network Advanced > IPv6 > IPv6 LAN > IPv6 LAN Config (1) In IPv6 mode, the LAN DHCP server is enabled by default (similar to IPv4 mode).
Unified Services Router User Manual Figure 4: IPv6 LAN and DHCPv6 configuration If you change the IP address and click Save Settings, the GUI will not respond. Open a new connection to the new IP address and log in again. Be sure the LAN host (the machine used to manage the router) has obtained IP address from newly assigned pool (or has a static IP address in the router’s LAN subnet) before accessing the router via changed IP address.
Unified Services Router User Manual As with an IPv4 LAN network, the router has a DHCPv6 server. If enabled, the router assigns an IP address within the specified range plus additional specified information to any LAN PC that requests DHCP served addresses. The following settings are used to configure the DHCPv6 server: DHCP Mode: The IPv6 DHCP server is either stateless or stateful.
Unified Services Router User Manual Prefix Address: IPv6 prefix address in the DHCPv6 server prefix pool Prefix Length: Length prefix address 2.1.4 Configuring IPv6 Router Advertisements Router Advertisements are analogous to IPv4 DHCP assignments for LAN clients, in that the router will assign an IP address and supporting network information to devices that are configured to accept s uch details.
Unified Services Router User Manual seconds. Upon expiration of this value, a new RADVD exchange must take place between the host and this router. Figure 5: Configuring the Router Advertisement Daemon Advertisement Prefixes Advanced > IPv6 > IPv6 LAN > Advertisement Prefixes The router advertisements configured with advertisement prefixes allow this router to inform hosts how to perform stateless address auto configuration.
Unified Services Router User Manual IPv6 Prefix: When using Global/Local/ISATAP prefixes, this field is used to define the IPv6 network advertised by this router. IPv6 Prefix Length: This value indicates the number contiguous, higher order bits of the IPv6 address that define up the network portion of the address. Typically this is 64. Prefix Lifetime: This defines the duration (in seconds) that the requesting node is allowed to use the advertised prefix.
Unified Services Router User Manual number from 2 to 4091. VLAN ID 1 is reserved for the default VLAN, which is used for untagged frames received on the interface. By enabling Inter VLAN Routing, you will allow traffic from LAN hosts belonging to this VLAN ID to pass through to other configured VLAN IDs that have Inter VLAN Routing enabled. Figure 7: Adding VLAN memberships to the LAN 2.2.
Unified Services Router User Manual Figure 8: Port VLA N list In Access mode the port is a member of a single VLAN (and only one). All data going into and out of the port is untagged. Traffic through a port in access mode looks like any other Ethernet frame. In Trunk mode the port is a member of a user selectable set of VLANs. All data going into and out of the port is tagged. Untagged coming into the port is not forwarded, except for the default VLAN with PVID=1, which is untagged.
Unified Services Router User Manual Figure 9: Configuring VLAN membership for a port 2.2.2 Multiple VLAN Subnets Setup > VLAN Settings > Multi VLAN Settings This page shows a list of available multi -VLAN subnets. Each configured VLAN ID can map directly to a subnet within the LAN. Each LAN port can be assigned a unique IP address and a VLAN specific DHCP server can be configured to assign IP address leases to devices on this VLAN.
Unified Services Router User Manual Figure 10: Multiple VLAN Subnets 2.2.3 VLAN configuration Setup > VLAN Settings > VLANconfiguration This page allows enabling or disabling the VLAN function on the router. Virtual LANs can be created in this router to provide segmentation capabilities for firewall rules and VPN policies. The LAN network is conside red the default VLAN. Check the Enable VLAN box to add VLAN functionality to the LAN.
Unified Services Router User Manual Figure 11: VLAN Configuration 2.3 Configurable Port: DMZ Setup DSR-150/150N/250/250N does not have a configurable port – there is no DMZ support. This router supports one of the physical ports to be configured as a secondary WAN Ethernet port or a dedicated DMZ port. A DMZ is a sub network that is open to the public but behind the firewall.
Unified Services Router User Manual Figure 12: DMZ configuration In order to configure a DMZ port, the router’s configurable port must be set to DMZ in the Setup > Internet Settings > Configurable Port page. 2.4 Universal Plug and Play (UPnP) Advanced > Advanced Network > UPnP Universal Plug and Play (UPnP) is a feature that allows the router to discovery devices on the network that can communicate with the router and allow for auto configuration.
Unified Services Router User Manual Advertisement Period: This is the frequency that the router broadcasts UPnP information over the network. A large value will minimize network traffic but cause delays in identifying new UPnP devices to the network. Advertisement Time to Live: This is expressed in hops for each UPnP packet. This is the number of steps a packet is allowed to propagate before being discarded. Small values will limit the UPnP broadcast range.
Unified Services Router User Manual 2.5 Captive Portal DSR-150/150N/250/250N does not have support for the Captive Portal feature. LAN users can gain internet access via web portal authentication with the DSR. Also referred to as Run-Time Authentication, a Captive Portal is ideal for a web café scenario where users initiate HTTP connection req uests for web access but are not interested in accessing any LAN services.
Unified Services Router User Manual Figure 14: Active Runtime sessions 2.6 Captive portal setup Advanced > Captive Portal >Captive Portal Setup Captive Portal is a security mechanism to selectively provide authentication on certain interfaces. This page allows to manage the Policies and Profiles of CaptivePortal.
Unified Services Router User Manual Figure 15: Captive Portal Setup Captive Portal Policies: The List of Available CaptivePortal Policies are s hown in this table. Authentication Type: This allows in choosing the authentication mode, type and redirection type. List of Available Profiles: Any one of these profiles can be used for Captive Portal Login page while enabling Captive Portal.
Unified Services Router User Manual Figure 16: Customized Captive Portal Setup Click “Add” in the Captive Portal setup page to allow defining customized captive portal login page information (Page Background Color, Header Details, Header Caption, Login Section Details, Adverti sement Details, Footer Details and Captive Portal Header Image).
Unified Services Router User Manual Chapter 3. Connecting to the Internet: WAN Setup This router has two WAN ports that can be used to establish a connection to the internet. The following ISP connection types are supported: DHCP, Static , PPPoE, PPTP, L2TP, 3G Internet (via USB modem). It is assumed that you have arranged for internet service with your Internet Service Provider (ISP).
Unified Services Router User Manual 3G Internet access with a USB modem is supported on WAN 3. The Internet Connection Setup Wizard assists with the primary WAN port (WAN1) configuration only. 3.
Unified Services Router User Manual My IP Address: Enter the IP address assigned to you by the ISP. Server IP Address: Enter the IP address of the PPTP or L2TP server. DSR-150/150N/250/250N doesn’t have a dual WAN support. 3.2.1 WAN Port IP address Your ISP assigns you an IP address that is either dynamic (newly generated each time you log in) or static (permanent).
Unified Services Router User Manual Figure 18: Manual WAN configuration 3.2.4 PPPoE Setup > Internet Settings The PPPoE ISP settings are defined on the WAN Configuration page. There are two types of PPPoE ISP’s supported by the DSR: the standard username/password PPPoE and Japan Multiple PPPoE.
Unified Services Router User Manual Figure 19: PPPoE configuration for standard ISPs Most PPPoE ISP’s use a single control and data connection, and require username / password credentials to login and authenticate the DSR with the ISP. The ISP connection type for this case is “PPPoE (Username/Password)”. The GUI will prompt you for authentication, service, and connection settings in order to establish the PPPoE link.
Unified Services Router User Manual Figure 20: WAN configuration for Japanese Multiple PPPoE (part 1) There are a few key elements of a multiple PPPoE connection: Primary and secondary connections are concurrent Each session has a DNS server source for domain name lookup, this can be assigned by the ISP or configured through the GUI The DSR acts as a DNS proxy for LAN users Only HTTP requests that specifically identify the secondary connection’s domain name (for example *.
Unified Services Router User Manual When Japanese multiple PPPoE is configured and secondary connection is up, some predefined routes are added on that interface. These routes are needed to access the internal domain of the ISP where he hosts various services. These routes can even be configured through the static routing page as well. Figure 21: WAN configuration for Multiple PPPoE (part 2) 3.2.
Unified Services Router User Manual Figure 22: Russia L2TP ISP configuration 3.2.6 Russia Dual Access PPPoE For Russia dual access PPPoE connections, you can choose the address mode of the connection to get an IP address from the ISP or configure a static IP address provided by the ISP.
Unified Services Router User Manual Figure 23: Russia Dual access PPPoE configuration 3.2.7 WAN Configuration in an IPv6 Network Advanced > IPv6 > IPv6 WAN1 Config For IPv6 WAN connections, this router can have a static IPv6 address or receive connection information when configured as a DHCPv6 client. In the case where the ISP assigns you a fixed address to access the internet, the static configuration settings must be completed.
Unified Services Router User Manual there need not be a DHCPv6 server available at the ISP, rather ICMPv6 discover messages will originate from this gateway and will be used for auto configuration. A third option to specify the IP address and prefix length of a preferred DHCPv6 server is available as well.
Unified Services Router User Manual Password: Enter the password required to login to the ISP. Authentication Type: The type of Authentication in use by the profile: Auto Negotiate/PAP/CHAP/MS-CHAP/MS-CHAPv2. Dhcpv6 Options: The mode of Dhcpv6 client that will start in this mode: disable dhcpv6/stateless dhcpv6/stateful dhcpv6/ stateless dhcpv6 with prefix delegation. Primary DNS Server: Enter a valid primary DNS Server IP Address.
Unified Services Router User Manual Figure 25: Connection Status information for both WAN ports The WAN status page allows you to Enable or Disable static WAN l inks. For WAN settings that are dynamically received from the ISP, you can Renew or Release the link parameters if required.
Unified Services Router User Manual 3.3 Bandwidth Controls Advanced > Advanced Network > Traffic Management > Bandwidth Profiles Bandwidth profiles allow you to regulate the traffic flow from the LAN to WAN 1 or WAN 2. This is useful to ensure that low priority LAN users (l ike guests or HTTP service) do not monopolize the available WAN’s bandwidth for cost -savings or bandwidth-priority-allocation purposes.
Unified Services Router User Manual For finer control, the Rate profile type can be used. With this option the minimum and maximum bandwidth allowed by this profile can be limited. Choose the WAN interface that the profile should be associated with. Figure 27: Bandwidth Profile Configuration page Advanced > Advanced Network > Traffic Management > Traffic Selectors Once a profile has been created it can then be associated with a traffic flow from the LAN to WAN.
Unified Services Router User Manual Figure 28: Traffic Selector Configuration 3.4 Features with Multiple WAN Links This router supports multiple WAN links. This allows you to take advantage of failover and load balancing features to ensure certain internet dependent services are prioritized in the event of unstable WAN connectivity on one of the ports. Setup > Internet Settings > WAN Mode To use Auto Failover or Load Balancing, WAN link failure detection must be configured.
Unified Services Router User Manual Note that both WAN1, WAN2 and WAN3 can be configured as the primary internet link. Auto-Rollover using WAN port Primary WAN: Selected WAN is the primary link ( WAN1/WAN2/WAN3) Secondary WAN: Selected WAN is the secondary link.
Unified Services Router User Manual 70% of 1Kbps, the new connections will be spilled -over to secondary WAN. The maximum value of load tolerance is 80 and the least is 20. Protocol Bindings: Refer Section 3.4.3 for details Load balancing is particularly useful when the connection speed of one WAN port greatly differs from another.
Unified Services Router User Manual Figure 29: Load Balancing is available when multiple WAN ports are configured and Protocol Bindings have been defined 3.4.3 Protocol Bindings Advanced > Routing > Protocol Bindings Protocol bindings are required when the Load Balancing feature is in use. Choosing from a list of configured services or any of the user -defined services, the type of traffic can be assigned to go over only one of the available WAN ports.
Unified Services Router User Manual addresses can be assigned to the other WAN link. Protocol bindings are only applicable when load balancing mode is enabled and more than one WAN is configured. Figure 30: Protocol binding setup to associate a service and/or LAN source to a WAN and/or destination network 3.5 Routing Configuration Routing between the LAN and WAN will impact the way this router handles traffic that is received on any of its physical interf aces.
Unified Services Router User Manual NAT is a technique which allows several computers on a LAN to share an Internet connection. The computers on the LAN use a "private" IP address range while the WAN port on the router is configured with a single "public" IP address. Along with connection sharing, NAT also hides internal IP addresses from the computers on the Internet. NAT is required if your ISP has assigned only one IP address to you.
Unified Services Router User Manual Figure 31: Routing Mode is used to conf igure traffic routing between WAN and LAN, as well as Dynamic routing (RIP) 55
Unified Services Router User Manual 3.5.2 Dynamic Routing (RIP) DSR- 150/150N/250/250N does not support RIP. Setup > Internet Settings > Routing Mode Dynamic routing using the Routing Information Protocol (RIP) is an Interior Gateway Protocol (IGP) that is common in LANs. With RIP this router can exchange routing information with other supported routers in the LAN and allow for dynamic adjustment of routing tables in order to adapt to modificat ions in the LAN without interrupting traffic flow.
Unified Services Router User Manual 3.5.3 Static Routing Advanced > Routing > Static Routing Advanced > IPv6 > IPv6 Static Routing Manually adding static routes to this device allows you to d efine the path selection of traffic from one interface to another. There is no communication between this router and other devices to account for changes in the path; once configured the static route will be active and effective until the network changes.
Unified Services Router User Manual Figure 32: Static route configuration fields 3.5.4 OSPFv2 Advanced > Routing > OSPF OSPF is an interior gateway protocol that routes Internet Protocol (IP) packets solely within a single routing domain. It gathers link state information from available routers and constructs a topology map of the network. OSPF version 2 is a routing protocol which described in RFC2328 - OSPF Version 2. OSPF is IGP (Interior Gateway Protocols).
Unified Services Router User Manual Figure 33: OSPFv2 configured parameters Interface: The physical network interface on which OSPFv2 is Enabled/Disabled. Status: This column displays the Enable/Disable state of OSPFv2 for a particular interface. Area: The area to which the interface belongs. Two routers having a common segment; their interfaces have to belong to the same area on that segment. The interfaces should belong to the same subnet and have similar mask.
Unified Services Router User Manual Figure 34: OSPFv2 configuration 3.5.5 OSPFv3 Advanced > IPv6 > OSPF Open Shortest Path First version 3 (OSPFv3) supports IPv6 .
Unified Services Router User Manual Figure 35: OSPFv3 configured parameters Interface: The physical network interface on which OSPFv3 is Enabled/Disabled. Status: This column displays the Enable/Disable state of OSPFv3 for a particular interface. Priority: Helps to determine the OSPFv3 designated router for a network. The router with the highest priority will be more eligible to become Designated Router. Setting the value to 0, makes the router ineligible to become Designated Router.
Unified Services Router User Manual Figure 36: OSPFv3 configuration 3.5.6 6to4 Tunneling Advanced > IPv6 > 6to4 Tunneling 6to4 is an Internet transition mechanism for migrating from IPv4 to IPv6, a system that allows IPv6 packets to be tran smitted over an IPv4 network. Select the check box to Enable Automatic Tunneling and allow traffic from an IPv6 LAN to be sent over a IPv4 Option to reach a remote IPv6 network.
Unified Services Router User Manual Figure 37: 6 to 4 tunneling 3.5.7 ISATAP Tunnels Advanced > IPv6 > 6to4 Tunneling ISATAP (Intra-Site Automatic Tunnel Addressing Protocol) is an IPv6 transition mechanism meant to transmit IPv6 packets between dual -stack nodes on top of an IPv4 network. ISATAP specifies an IPv6-IPv4 compatibility address format as well as a means for site border router discovery.
Unified Services Router User Manual Figure 38: IS A TAP T un ne l s Co nf ig u ra tio n ISATAP Subnet Prefix: This is the 64-bit subnet prefix that is assigned to the logical ISATAP subnet for this intranet. This can be obtained from your ISP or internet registry, or derived from RFC 4193. End Point Address: This is the endpoint address for the tunnel that s tarts with this router. The endpoint can be the LAN interface (assuming the LAN is an IPv4 network), or a specific LAN IPv4 address.
Unified Services Router o User Manual On Demand: The connection is automatically ended if it is idle for a specified number of minutes. Enter the number of minutes in the Maximum Idle Time field. This feature is useful if your ISP charges you based on the amount of time that you are connected. Password: Enter the password required to login to the ISP. Dial Number: Enter the number to dial to the ISP.
Unified Services Router User Manual Figure 39: WAN3 configuration for 3G internet 3G WAN support is available on these dual WAN products: DSR-1000 and DSR1000N. Cellular 3G internet access is available on WAN 3 via a 3G USB modem for DSR1000 and DSR-1000N. The cellular ISP that provides the 3G data plan will provide the authentication requirements to establish a connection. The dial Number and APN are specific to the cellular carriers.
Unified Services Router User Manual The default MTU size supported by all ports is 1500. This is the largest packet size that can pass through the interface without fragmentation. This size can be increased, however large packets can introduce network lag and bring down the interface speed. Note that a 1500 byte size packet is the largest allowed by the Ethernet protocol at the network layer. The port speed can be sensed by the router when Auto is selected.
Unified Services Router User Manual Chapter 4. Wireless Access Point Setup This router has an integrated 802.11n radio that allows you to create an access point for wireless LAN clients. The security/encryption/aut hentication options are grouped in a wireless Profile, and each configured profile will be available for selection in the AP configuration menu.
Unified Services Router User Manual Figure 41: Wireless Network Setup Wizards 4.1.1 Wireless Network Setup Wizard This wizard provides a step-by-step guide to create and secure a new access point on the router. The network name (SSID) is the AP identifier that will be detected by supported clients. The Wizard uses a TKIP+AES cipher for WPA / WPA2 security; depending on support on the client side, devices associate with this AP using either WPA or WPA2 security with the same pre -shared key.
Unified Services Router User Manual wireless device is chose, you will be presented with two common WPS setup options: Personal Identification Number (PIN): The wireless device that supports WPS may have an alphanumeric PIN, and if entered in this fi eld the AP will establish a link to the client. Click Connect to complete setup and connect to the client.
Unified Services Router User Manual WPA (Wi-Fi Protected Access): For stronger wireless security than WEP, choose this option. The encryption for WPA will use TKIP and also CCMP if required. The authentication can be a pre-shared key (PSK), Enterprise mode with RADIUS server, or both. Note that WPA does not support 802.11n data rates; is it appropriate for legacy 802.11 connections.
Unified Services Router User Manual Encryption: select the encryption key size -- 64 bit WEP or 128 bit WEP. The larger size keys provide stronger encryption, thus making the key more difficult to crack WEP Passphrase: enter an alphanumeric phrase and click Generate Key to generate 4 unique WEP keys with length determined by the encryption key size. Next choose one of the keys to be used for authentication. The selected key must be shared with wireless clients to connect to this device.
Unified Services Router User Manual Figure 43: Profile configuration to set network security 4.2.2 WPA or WPA2 with PSK A pre-shared key (PSK) is a known passphrase configured on the AP and client both and is used to authenticate the wireless client. An acceptable passphrase is between 8 to 63 characters in length. 4.2.3 RADIUS Authentication Advanced > RADIUS Settings Enterprise Mode uses a RADIUS Server for WPA and/or WPA2 security.
Unified Services Router User Manual wireless client connections to an AP enabled with a profile that uses RADIUS authentication. The Authentication IP Address is required to identify the server. A secondary RADIUS server provides redundancy in the event that the primary server cannot be reached by the router when needed. Authentication Port: the port for the RADIUS server connection Secret: enter the shared secret that allows this router to log into the specified RADIUS server(s).
Unified Services Router User Manual Figure 44: RADIUS server (External Authentication) configur ation 4.3 Creating and Using Access Points Setup > Wireless Settings > Access Points Once a profile (a group of security settings) is created, it can be assigned to an AP on the router. The AP SSID can be configured to broadcast its availability to the 802.11 environment can be used to establish a WLAN network.
Unified Services Router User Manual The AP Name is a unique identifier used to manage the AP from the GUI, and is not the SSID that is detected by clients when the AP has broadcast enabled. Figure 45: Virtual AP configuration A valuable power saving feature is the start and stop time control for this AP. You can conserve on the radio power b y disabling the AP when it is not in use.
Unified Services Router User Manual Figure 46: List of configured access points (Virtual APs) shows one enabled access point on the radio, broadcasting its SSID The clients connected to a particular AP can be viewed by using the Status Button on the List of Available Access Points. Traffic statistics are shown for that individual AP, as compared to the summary stats for each AP on the Statistics table.
Unified Services Router User Manual broadcast the SSID for the VAP with WEP since it is meant to be used for a few legacy devices in this scenario. 4.4 Tuning Radio Specific Settings Setup > Wireless Settings > Radio Settings The Radio Settings page lets you configure the channels and power levels available for the AP’s enabled on the DSR. The router has a dual band 802.11n radio, meaning either 2.4 GHz or 5 GHz frequency of operation can be selected (not concurrently though).
Unified Services Router User Manual 4.5 WMM Setup > Wireless Settings > WMM Wi-Fi Multimedia (WMM) provides basic Quality of service (QoS) features to IEEE 802.11 networks. WMM prioritizes traffic according t o four Access Categories (AC) voice, video, best effort, and background. Figure 48: Wi-Fi Multimedia Profile Name: This field allows you to select the available profiles in wireless settings . Enable WMM: This field allows you to enable WMM to improve multimedia transmission.
Unified Services Router User Manual 4.6 Wireless distribution system (WDS) Setup > Wireless Settings > WDS Wireless distribution system is a system enabling the wireless interconnection of access points in a network. This feature is only guaranteed to work only between devices of the same type. Figure 49: Wireless Distribution System This feature is only guaranteed to work only between devices of the same type (i.e. using the same chipset/driver).
Unified Services Router User Manual For a WDS link to function properly the Radio settings on the WDS peers have to be the same. The WDS page would consist of two sections. The first section provides general WDS settings shared by all its WDS peers. WDS Enable - This would be a check box WDS Encryption - Displays the type of encryption used. It could be one of OPEN/64 bit WEP/128 bit WEP/TKIP/AES (Use the term being used throughout the box i.e. either CCMP or AES).
Unified Services Router User Manual Figure 50: Advanced Wireless communication settings 4.8 Wi-Fi Protected Setup (WPS) Advanced > Wireless Settings > WPS WPS is a simplified method to add supporting wireless clients to the network. WPS is only applicable for APs that employ WPA or WPA2 security. To use WPS, select the eligible VAPs from the dropdown list of APs that have been configured with this security and enable WPS status for this AP.
Unified Services Router User Manual More than one AP can use WPS, but only one AP can be used to establish WPS links to client at any given time.
Chapter 5. Securing the Private Network You can secure your network by creating a nd applying rules that your router uses to selectively block and allow inbound and outbound Internet traffic. You then specify how and to whom the rules apply.
Unified Services Router User Manual may use the IP address if a static address is assigned to the WAN port, or if your WAN address is dynamic a DDNS (Dynamic DNS) name can be used. Outbound (LAN/DMZ to WAN) rules restrict access to traffic leaving your network, selectively allowing only specific local users to access specific outside resources . The default outbound rule is to allow access from the secure zone (LAN) to either the public DMZ or insecure WAN.
Unified Services Router User Manual Figure 53: List of Available Schedules to bind to a firewall rule 5.3 Configuring Firewall Rules Advanced > Firewall Settings > Firewall Rules All configured firewall rules on the router are displayed in the Firewall Rules list. This list also indicates whether the rule is enabled (active) or not, and gives a summary of the From/To zone as well as the services or users that the rule affects. To create a new firewall rules, follow the steps below: 1.
Unified Services Router User Manual Service: ANY means all traffic is affected by this rule. For a specific service the drop down list has common services, or you can select a custom defined service. Action & Schedule: Select one of the 4 actions that this rule defines: BLOCK always, ALLOW always, BLOCK b y schedule otherwise ALLOW, or ALLOW by schedule otherwise BLOCK . A schedule must be preconfigured in order for it to be available in the dropdown list to assign to this rule.
Unified Services Router User Manual External IP address: The rule can be bound to a specific WAN interface by selecting either the primary WAN or configurable port WAN as the source IP address for incoming traffic. This router supports multi-NAT and so the External IP address does not necessarily have to be the WAN address. On a single WAN interface, multiple public IP addresses are supported.
Unified Services Router User Manual Figure 54: Example where an outbound SNAT rule is used to map an external IP address (209.156.200.225) to a private DMZ IP address (10.30.30.
Unified Services Router User Manual Figure 55: The firewall rule configuration page allows you to define the To/From zone, service, action, schedules, and specify source/destination IP addresses as needed.
Unified Services Router User Manual 5.4 Configuring IPv6 Firewall Rules Advanced > Firewall Settings > IPv6 Firewall Rules All configured IPv6 firewall rules on the router are displayed in the Firewall Rules list. This list also indicates whether the rule is enabled (active) or not, and gives a summary of the From/To zone as well as the services or users that the rule affects.
Unified Services Router User Manual Figure 57: List of Available IPv6 Firewall Rules 5.4.1 Firewall Rule Configuration Examples Example 1: Allow inbound HTTP traffic to the DMZ Situation: You host a public web server on your local DMZ network. You want to allow inbound HTTP requests from any outside IP address to the IP address of your web server at any time of day. Solution: Create an inbound rule as follows.
Unified Services Router User Manual Solution: Create an inbound rule as follows. In the example, CUSeeMe (the video conference service used) connections are allowed only from a speci fied range of external IP addresses. Parameter Value From Zone Insecure (WAN1/WAN2/WAN3) To Zone Secure (LAN) Service CU-SEEME:UDP Action ALLOW always Send to Local Server (DNAT IP) 192.168.10.11 Destination Users Address Range From 132.177.88.2 To 134.177.88.
Unified Services Router E From User Manual 10.1.0.52 x WAN a Users m Log p le 4: Bloc Any Never Example 4: Block traffic by schedule if generated from specific range of machines Use Case: Block all HTTP traffic on the weekends if the request originates from a specific group of machines in the LAN having a known range of IP addresses, and anyone coming in through the Network from the WAN (i.e. all remote users). Configuration: 1.
Unified Services Router User Manual Figure 58: Schedule configuration for the above example. 2. Since we are trying to block HTTP requests, it is a service with To Zone: Insecure (WAN1/WAN2/WAN3) that is to be blocked according to schedule “Weekend”.
Unified Services Router User Manual 3. Select the Action to “Block by Schedule, otherwise allow”. This will take a predefined schedule and make sure the rule is a blocking rule during the defined dates/times. All other times outside the schedule will not be affected by this firewall blocking rule 4. As we defined our schedule in schedule “Weekend”, this is available in the dropdown menu 5. We want to block the IP range assigned to the marketing group. Let’s say they have IP 192.168.10.20 to 192.168.10.
Unified Services Router User Manual Figure 59: List of user defined services . Figure 60: Custom Services configuration Created services are available as options for firewall rule configuration. Name: Name of the service for identification and management purposes. Type: The layer 3 Protocol that the service uses.
Unified Services Router ICMP types, parameters. User Manual visit the following URL: http://www.iana.org/assignments/icmp - Start Port: The first TCP, UDP or BOTH port of a range that the service uses. If the service uses only one port, then the Start Port will be the same as the Finish Port. Finish Port: The last port in the range that the service uses. If the service uses only one port, then the Finish Port will be the same as the Start Port. Port: The port that the service uses. 5.
Unified Services Router User Manual Figure 61: Available ALG support on the router . 5.7 VPN Passthrough for Firewall Advanced > Firewall Settings > VPN Passthrough This router’s firewall settings can be configured to allow encrypted VPN traffic for IPsec, PPTP, and L2TP VPN tunnel connections between the LAN and internet. A specific firewall rule or service is not appropriate to introduce this passthrough support; instead the appropriate check boxes in the VPN Passthrough page must be enabled.
Unified Services Router User Manual Figure 62: Passthrough options for VPN tunnels 5.8 Application Rules Advanced > Application Rules > Application Rules Application rules are also referred to as p ort triggering. This feature allows devices on the LAN or DMZ to request one or more ports to be forwarded to them. Port triggering waits for an outbound request from the LAN/DMZ on one of the defined outgoing ports, and then opens an incoming port for that specified type of traffic.
Unified Services Router User Manual Figure 63: List of Available Application Rules showing 4 unique rules The application rule status page will list any active rules, i.e. incoming ports that are being triggered based on outbound requests from a defined outgoing port. 5.9 Web Content Filtering The gateway offers some standard web filtering options to allow the admin to easily create internet access policies between the secure LAN and insecure WAN.
Unified Services Router User Manual Figure 64: Content Filtering used to block access to proxy servers and prevent ActiveX contro ls from being downloaded 5.9.2 Approved URLs Advanced > Website Filter > Approved URLs The Approved URLs is an acceptance list for all URL domain names. Domains added to this list are allowed in any form. For example, if the domain “yahoo” is added to this list then all of the following URL’s are permitted access from the LAN: www.yahoo.com , yahoo.co.uk, etc.
Unified Services Router User Manual Figure 65: Two trusted domains added to the Approved U RLs List 5.9.3 Blocked Keywords Advanced > Website Filter > Blocked Keywords Keyword blocking allows you to block all website URL’s or site content that contains the keywords in the configured list. This is lower priority than the Approved URL List; i.e. if the blocked keyword is present in a site allowed by a Trusted Domain in the Approved URL List, then access to that site will be allowed.
Unified Services Router User Manual Figure 66: One keyword added to the block list 5.9.4 Export Web Filter Advanced > Website Filter > Export Export Approved URLs: Feature enables the user to export the URLs to be allowed to a csv file which can then be downloaded to the local host. The user has to click the export button to get the csv file. Export Blocked Keywords: This feature enables the user to export the keywords to be blocked to a csv file which can then be downloaded to the local host.
Unified Services Router User Manual Figure 67: Export Approved URL list 5.10 IP/MAC Binding Advanced > IP/MAC Binding Another available security measure is to only allow outbound traffic (from the LAN to WAN) when the LAN node has an IP address matching the MAC address bound to it. This is IP/MAC Binding, and by enforcing the gateway to validate the source traffic’s IP address with the unique MAC Address of the configured LAN node, the administrator can ensure traffic from that IP address is not spoofed.
Unified Services Router User Manual Figure 68: The following example binds a LAN host’s MAC Address to an IP address served by DSR. If there is an IP/MAC Binding violation, the violating packet will be dropped and logs will be captured 5.11 Intrusion Prevention (IPS) Advanced > Advanced Network > IPS The gateway’s Intrusion Prevention System (I PS) prevents malicious attacks from the internet from accessing the private network.
Unified Services Router User Manual Figure 69: Intrusion Prevention features on the router 5.12 Protecting from Internet Attacks Advanced > Advanced Network > Attack Checks Attacks can be malicious security breaches or unintentional network issues that render the router unusable. Attack checks allow you to manage WAN security threats such as continual ping requests and discovery via ARP scans. TCP and UDP flood attack checks can be enabled to manage extreme usage of WAN resources.
Unified Services Router User Manual Figure 70: Protecting the router and LAN from internet attacks WAN Security Checks: Enable Stealth Mode: If Stealth Mode is enabled, the router will not respond to port scans from the WAN. This makes it less susceptible to discovery and attacks. Block TCP Flood: If this option is enabled, the router will drop all invalid TCP packets and be protected from a SYN flood attack.
Unified Services Router User Manual Block Fragmented Packets: selecting this option drops any fragmented packets through or to the gateway Block Multicast Packets: selecting this option drops multicast packets, which could indicate a spoof attack, through or to the gateway. DoS Attacks: SYN Flood Detect Rate (max/sec): The rate at which the SYN Flood can be detected.
Unified Services Router User Manual Chapter 6. IPsec / PPTP / L2TP VPN A VPN provides a secure communication channel (“tunnel”) between two gateway routers or a remote PC client. The following types of tunnels can be created: Gateway-to-gateway VPN: to connect two or more routers to secure traff ic between remote sites. Remote Client (client-to-gateway VPN tunnel): A remote client initiat es a VPN tunnel as the IP address of the remote PC client is not known in advance.
Unified Services Router User Manual Figure 72: Example of three IPsec client connections to the internal network through the DSR IPsec gateway 112
Unified Services Router User Manual 6.1 VPN Wizard Setup > Wizard > VPN Wizard You can use the VPN wizard to quickly create both IKE and VPN policies. Once the IKE or VPN policy is created, you ca n modify it as required. Figure 73: VPN Wizard launch screen To easily establish a VPN tunnel using VPN Wizard, follow the steps below: 1. Select the VPN tunnel type to create The tunnel can either be a gateway to gateway connecti on (site-to-site) or a tunnel to a host on the internet (remote access).
Unified Services Router User Manual 2. Configure Remote and Local WAN address for the tunnel endpoints Remote Gateway Type: identify the remote endpoint of the tunnel by FQDN or static IP address Remote WAN IP address / FQDN: This field is enabled only if the peer you are trying to connect to is a Gateway. For VPN Clients, this IP address or Internet Name is determined when a connection request is received from a client.
Unified Services Router User Manual Parameter Default value from Wizard Exchange Mode Aggressive (Client policy ) or Main (Gateway policy) ID Type FQDN Local WAN ID wan_local.com (only applies to Client policies) Remote WAN ID wan_remote.
Unified Services Router User Manual Figure 74: IPsec policy configuration Once the tunnel type and endpoints of the tunnel are defined you can determine the Phase 1 / Phase 2 negotiation to use for the tunnel. This is covered in the IPsec mode setting, as the policy can be Manual or Auto. For Auto policies, the Internet Key Exchange (IKE) protocol dynamically exchanges keys between two IPsec hosts. The Phase 1 IKE parameters are used to define the tunnel’s security association details.
Unified Services Router User Manual The VPN policy is one half of the IKE/VPN p olicy pair required to establish an Auto IPsec VPN tunnel. The IP addresses of the machine or machines on the two VPN endpoints are configured here, along with the policy parameters required to secure the tunnel Figure 75: IPsec policy configuration continued (Auto policy via IKE) A Manual policy does not use IKE and instead relies on manual keying to exchange authentication parameters between the two IPsec hosts.
Unified Services Router User Manual endpoint. As well the encryption and integrity algorithms and keys must match on the remote IPsec host exactly in order for the tunnel to establish successfully. Note that using Auto policies with IKE are preferred as in some IPsec implementations the SPI (security parameter index) values require conversion at each endpoint. DSR supports VPN roll-over feature.
Unified Services Router User Manual Figure 76: IPsec policy configuration continued (Auto / Manual Phase 2) 6.2.1 Extended Authentication (XAUTH) You can also configure extended authentication (XAUTH). Rather than configure a unique VPN policy for each user, you can configure the VPN gateway router to authenticate users from a stored list of user accounts or with an external authentication server such as a RADIUS server.
Unified Services Router User Manual With a configured RADIUS server, the router connects to a RADIUS server and passes to it the credentials that it receives from the VPN client. You can secure the connection between the router and the RADIUS server with the authentication protocol supported by the server (PAP or CHAP). For RADIUS – PAP, the router first checks in the user database to see if the user credentials are available; if they are not, the router connects to the RADIUS server. 6.2.
Unified Services Router User Manual Figure 77: PPTP tunnel configuration – PPTP Client Figure 78: PPTP VPN connection status Setup > VPN Settings > PPTP > PPTP Server A PPTP VPN can be established through this router. Once enabled a PPTP server is available on the router for LAN and WAN PPTP client users to access. Once the PPTP server is enabled, PPTP clients that are within t he range of configured IP addresses of allowed clients can reach the router’s PPTP server.
Unified Services Router User Manual Figure 79: PPTP tunnel configuration – PPTP Server 6.4.2 L2TP Tunnel Support Setup > VPN Settings > L2TP > L2TP Server A L2TP VPN can be established through this router. Once enabled a L2TP server is available on the router for LAN and WAN L2TP client users to access. Once t he L2TP server is enabled, L2TP clients that are within the range of configured IP addresses of allowed clients can reach the router’s L2TP server.
Unified Services Router User Manual Figure 80: L2TP tunnel configuration – L2TP Server 6.4.3 OpenVPN Support Setup > VPN Settings > OpenVPN > OpenVPN Configuration OpenVPN allows peers to authenticate each other using a pre -shared secret key, certificates, or username/password.
Unified Services Router User Manual signature and Certificate authority. An Open VPN can be established through this router. Check/Uncheck this and click save settings to start/stop openvpn server. Mode: OpenVPN daemon mode. It can run in server mode, client mode or access server client mode. In access server client mode, the user has to download the auto login profile from the Openvpn Access Server and upload the same to connect. Server IP: OpenVPN server IP connects(Applicable in client mode).
Unified Services Router User Manual Figure 81: OpenVPN configuration 6.4.4 OpenVPN Remote Network Setup > VPN Settings > OpenVPN > OpenVPN Remote Network (Site-toSite) This page allows the user to add/edit a remote network and netmask which allows the other OpenVPN clients to reach this network.
Unified Services Router User Manual Figure 82: OpenVPN Remote Network Common Name: Common Name of the OpenVPN client certificate. Remote Network: Network address of the remote resource. Subnet Mask: Netmask of the remote resource. 6.4.5 OpenVPN Authentication Setup > VPN Settings > OpenVPN > OpenVPN Authentication This page allows the user to upload required certificates and keys.
Unified Services Router User Manual Figure 83: OpenVPN Authentication Trusted Certificate (CA Certificate): Browse and upload the pem formatted CA Certificate. Server/Client Certificate: Browse and upload the pem formatted Server/Client Certificate. Server/Client Key: Browse and upload the pem formatted Server/Client Key. DH Key: Browse and upload the pem formatted Diffie Hellman Key. Tls Authentication Key: Browse and upload the pem formatted Tls Authentication Key.
Chapter 7. SSL VPN The router provides an intrinsic SSL VPN feature as an alternate to the standard IPsec VPN. SSL VPN differs from IPsec VPN mainly by removing the requirement of a pre installed VPN client on the remote host. Instead, users can securely login through the SSL User Portal using a standard web browser and receive access to configure d network resources within the corporate LAN.
Unified Services Router User Manual Figure 84: Example of clientless SSL VPN connections to the DSR 130
Unified Services Router User Manual 7.1 Groups and Users Advanced > Users > Groups The group page allows creating, editing and deleting groups. The groups are associated to set of user types. The lists of available groups are displayed in the “List of Group” page with Group name and description of group. Click Add to create a group. Click Edit to update an existing group. Click Delete to clear an existing group.
Unified Services Router User Manual Admin: This is the router’s super-user, and can manage the router, use SSL VPN to access network resources, and login to L2TP/PPTP servers on the WAN. There will always be one default administrator user for the GUI Guest User (read-only): The guest user gains read only access to the GUI to observe and review configuration settings. The guest does not have SSL VPN access. Captive Portal User: These captive portal users has access through the router.
Unified Services Router User Manual Active Directory Domain: If the domain uses the Active Directory authentication, the Active Directory domain name is required. Users configured in the Active Directory database are given access to the SSL VPN portal with their Active Directory username and password. If there are multiple Active Directory domains, user can enter the details for up to two authentication domains. Timeout: The timeout period for reaching the authentication server.
Unified Services Router User Manual Disable Login: Enable to prevent the users of this group from logging into the devices management interface(s) Deny Login from WAN interface: Enable to prevent the users of this group from logging in from a WAN (wide area network) interface. In this case only login through LAN is allowed. Figure 88: Group login policies options Policy by Browsers To set browser policies for the group, select the corresponding group click “ Policy by Browsers”.
Unified Services Router User Manual Figure 89: Browser policies options Policy by IP To set policies bye IP for the group, select the corresponding group click “Policy by IP”. The following parameters are configured: Group Name: This is the name of the group that can have its login policy edited Deny Login from Defined Browsers: The list of defined browsers below will be used to prevent the users of this group from logging in to the routers GUI.
Unified Services Router User Manual Click Save Settings to save your changes. Figure 90: IP policies options . Login Policies, Policy by Browsers, Policy by IP are applicable SSL VPN user only. Advanced > Users > Users The users page allows adding, editing and deleting existing groups. The user are associated to configured groups. The lists of available users are displayed in the “List of Users” page with User name, associated group and Login status. Click Add to create a user.
Unified Services Router User Manual Figure 91: Available Users with login status and associated Group 7.1.1 Users and Passwords Advanced > Users > Users The user configurations allow creating users associated to group. The user settings contain the following key components: User Name: This is unique identifier of the user. First Name: This is the user’s first name Last Name: This is the user’s last name Select Group: A group is chosen from a list of configured groups.
Unified Services Router User Manual Figure 92: User configuration options 7.2 Using SSL VPN Policies Setup > VPN Settings > SSL VPN Server > SSL VPN Policies SSL VPN Policies can be created on a Global, Group, or User level. User level policies take precedence over Group level policies and Group level policies take precedence over Global policies. These policies can be applied to a specific network resource, IP address or ranges on the LAN, or to different SSL VPN services supported by the router.
Unified Services Router User Manual Figure 93: List of SSL VPN polic es (Global filter) To add a SSL VPN policy, you must first assign it to a user, group, or make it global (i.e. applicable to all SSL VPN users). If the policy is for a group, the available configured groups are shown in a drop down menu and one must be selected. Similarly, for a user defined policy a SSL VPN user must be chosen from the available list of configured users. The next step is to define the policy details.
Unified Services Router User Manual Figure 94: SSL VPN policy configuration To configure a policy for a single user or group of users, e nter the following information: Policy for: The policy can be assigned to a group of users, a single user, or all users (making it a global policy). To customize the policy for specific users or groups, the user can select from the Available Groups and Ava ilable Users drop down.
Unified Services Router User Manual ICMP: Select this option to include ICMP traffic Port range: If the policy governs a type of traffic, this field is used for defining TCP or UDP port number(s) corresponding to the governed traffic. Leaving the starting and ending port range blank corresponds to all UDP and TCP traffic. Service: This is the SSL VPN service made available by this policy. services offered are VPN tunnel, port forwarding or both.
Unified Services Router User Manual Figure 95: List of conf igured resources, which are available to assign to SSL VPN policies 7.3 Application Port Forwarding Setup > VPN Settings > SSL VPN Server > Port Forwarding Port forwarding allows remote SSL users to access specified network applications or services after they login to the User Portal and launch the Port For warding service. Traffic from the remote user to the router is detected and re-routed based on configured port forwarding rules.
Unified Services Router User Manual As a convenience for remote users, the hostname (FQDN) of the network server can be configured to allow for IP address resolution. This host name resolution provides users with easy-to-remember FQDN’s to access TCP applications instead of error prone IP addresses when using the Port Forwarding service through the SSL User Portal.
Unified Services Router User Manual Figure 96: List of Available Applications for SSL Port Forwarding 7.4 SSL VPN Client Configuration Setup > VPN Settings > SSL VPN Client > SSL VPN Client An SSL VPN tunnel client provides a point -to-point connection between the browser side machine and this router. When a SSL VPN client is launched from the user portal, a "network adapter" with an IP address from the corporate subnet, DNS and WINS settings is automatically created.
Unified Services Router User Manual Figure 97: SSL VPN client adapter and access configuration The router allows full tunnel and split tunnel support. Full tunnel mode just sends all traffic from the client across the VPN tunnel to the router. Split tunnel mode only sends traffic to the private LAN based on pre-specified client routes. These client routes give the SSL client access to specific private networks, thereby allowing access control over specific LAN services.
Unified Services Router User Manual Setup > VPN Settings > SSL VPN Client > Configured Client Routes If the SSL VPN client is assigned an IP address in a different subnet than the corporate network, a client route must be added to allow access to the private LAN through the VPN tunnel. As well a static route on the private LAN’s firewall (typically this router) is needed to forward private traffic through the VPN Firewall to the remote SSL VPN client.
Unified Services Router User Manual 7.5 User Portal Setup > VPN Settings > SSL VPN Client > SSL VPN Client Portal When remote users want to access the private network through an SSL tunnel (either using the Port Forwarding or VPN tunnel service), they login through a user portal. This portal provides the authentication fields to provide the appropriate access levels and privileges as determined by the router administrator.
Unified Services Router User Manual the SSL VPN portal URL. As well, the users assigned to this portal (through their authentication domain) can be presented with one or more of the router’s supported SSL services such as the VPN Tunnel page or Port Forwarding page. To configure a portal layout and theme, following information is needed: Portal layout name: A descriptive name for the custom portal that is being configured. It is used as part of the SSL portal URL.
Unified Services Router User Manual Figure 100: SSL VPN Portal configuration 149
Unified Services Router User Manual Chapter 8. Advanced Configuration Tools 8.1 USB Device Setup Setup > USB Settings > USB Status The DSR Unified Services Router has a USB interface for printer access, file sharing and on the DSR-1000 / DSR-1000N models 3G modem support. There is no configuration on the GUI to enable USB device support. Upon inserting your USB storage device, printer cable or 3G modem the DSR router will automatically detect the type of connected peripheral.
Unified Services Router User Manual Figure 101: USB Device Detection 8.2 USB share port Setup > USB Settings > USB SharePort This page allows configure the SharePort feature available in this router.
Unified Services Router User Manual Figure 102: USB SharePort USB-1: Enable USB Printer: Select this option to allow the USB printer connected to the router to be shared across the network. The USB printer can be accessed on any LAN host (with appropriate printer driver installed) connected to the router by using the following command in the host's add printers window http:///printers/ (Device Model can be found in the USB settings page).
Unified Services Router User Manual Enable Sharing: Select this option to allow the USB storage device connected t o the router to be shared across the network. Sharing Enabled interfaces: The LAN interfaces on which USB sharing is enabled, atleast one interface must be selected to begin sharing. Enable Printer: Enables printer sharing on the selected interface. Enable Storage: Enables storage device sharing on the selected interface. 8.
Unified Services Router User Manual Figure 104: SMS Service – Receive SMS The following details to be provided in Create Message page: Receiver: Enter the phone number of the intended receiver of the message. Text Message: Enter the body of the message here Click Send Message to send the message. Click Don't Save Settings to reset Receiver and Text Message fields. 8.
Unified Services Router User Manual table lists the self certificates currently loaded on the gateway. The following information is displayed for each uploaded self cer tificate: Name: The name you use to identify this certificate, it is not displayed to IPsec VPN peers or SSL users. Subject Name: This is the name that will be displayed as the owner of this certificate. This should be your official registered or company name, as IPsec or SSL VPN peers are shown this field.
Unified Services Router User Manual 8.5 Advanced Switch Configuration The DSR allows you to adjust the power consumption of the hardware b ased on your actual usage. The two “green” options available for your LAN switch are Power Saving by Link Status and Length Detection State. With “Power Saving by Link Status” option enabled, the total power consumption by the LAN switch is dependent function of on the number of connected ports.
Unified Services Router User Manual Chapter 9. Administration & Management 9.1 Configuration Access Control The primary means to configure this gateway via the browser -independent GUI. The GUI can be accessed from LAN node by using the gateway’s LAN IP address and HTTP, or from the WAN by using the gateway’s WAN IP address and HTTPS (HTTP over SSL). Administrator and Guest users are permitted to login to the router’s management interface. The user type is set in the Advanced > Users > Users page.
Unified Services Router User Manual Figure 108: Admin Settings 9.1.2 Remote Management Tools > Admin > Remote Management Both HTTPS and telnet access can be restricted to a subset of IP addresses. The router administrator can define a known PC, single IP address or range of IP addresses that are allowed to access the GUI with HTTPS. The opened port for SSL traffic can be changed from the default of 443 at the same time as d efining the allowed remote management IP address range.
Unified Services Router User Manual Figure 109: Remote Management from the WAN 9.1.3 CLI Access In addition to the web-based GUI, the gateway supports SSH and Telnet management for command-line interaction. The CLI login credentials are shared with the GUI for administrator users. To access the CLI, type “cli” in the SSH or console prompt and login with administrator user credentials. 9.
Unified Services Router User Manual Figure 110: SNMP Users, Traps, and Access Control Tools > Admin > SNMP System Info The router is identified by an SNMP manager via the System Information. The identifier settings The SysName set here is also used to identify the router for SysLog logging.
Unified Services Router User Manual Figure 111: SNMP system information f or this router 9.3 Configuring Time Zone and NTP Tools > Date and Time You can configure your time zone, whether or not to adjust for Daylight Savings Time, and with which Network Time Protocol ( NTP) server to synchronize the date and time. You can choose to set Date and Time manually, which will store the information on the router’s real time clock (RTC).
Unified Services Router User Manual Figure 112: Date, Time, and NTP server setup 9.4 Log Configuration This router allows you to capture log messages for traffic through the firewall, VPN, and over the wireless AP. As an administrator you can monitor t he type of traffic that goes through the router and also be notified of potential attacks or errors when they are detected by the router. The following sections describe the log configuration settings and the ways you can access these logs. 9.4.
Unified Services Router User Manual Kernel: This refers to the Linux kernel. Log messages that correspond to this facility would correspond to traffic through the firewall or network stack. System: This refers to application and management level features available on this router, including SSL VPN and administrator changes for ma naging the unit. Wireless: This facility corresponds to the 802.11 driver used for providing AP functionality to your network.
Unified Services Router User Manual Figure 113: Facility settings for Logging The display for logging can be customized based on where the logs are sent, either the Event Log viewer in the GUI (the Event Log viewer is in the Status > Logs page) or a remote Syslog server for later review. E-mail logs, discussed in a subsequent section, follow the same configuration as logs configured for a Syslog server.
Unified Services Router User Manual tries to make an SSH connection, those packets will be accepted and a message will be logged. (Assuming the log option is set to Allow for the SSH firewall rule.) Dropped Packets are packets that were intentionally blocked from being transferred through the corresponding network segment. This option is useful when the Default Outbound Policy is “Allow Always”.
Unified Services Router User Manual Figure 114: Log configuration options for traffic through router Tools > Log Settings > IPv6 logging This page allows you to configure the IPv6 logging 166
Unified Services Router User Manual Figure 115: IPv6 Log configuration options for traffic through router 9.4.2 Sending Logs to E-mail or Syslog Tools > Log Settings > Remote Logging Once you have configured the type of logs that you want the router to collect, they can be sent to either a Syslog server or an E -Mail address. For remote logging a key configuration field is the Remote Log Identifier.
Unified Services Router User Manual Figure 116: E-mail configuration as a Remote Logging option An external Syslog server is often used by network administrator to collect and store logs from the router. This remote device typically has less memory constraints than the local Event Viewer on the router’s GUI, and thus can collect a considerable number of logs over a sustained period. This is typically very useful for debugging network issues or to monitor router traffic over a long duration.
Unified Services Router User Manual sent to the configured (and enabled) Syslog server once you save this configuration page’s settings. Figure 117: Syslog server configuration for Remote Logging ( continued) 9.4.3 Event Log Viewer in GUI Status > Logs > View All Logs The router GUI lets you observe configured log mes sages from the Status menu.
Unified Services Router User Manual Figure 118: VPN logs displayed in GUI event viewer 9.5 Backing up and Restoring Configuration Settings Tools > System You can back up the router’s custom configuration settings to restore them to a different device or the same router after some other changes. During backup, your settings are saved as a file on your host. You can restore the router's saved settings from this file as well.
Unified Services Router User Manual 2. To restore your saved settings from a backup file, click Browse then locate the file on the host. After clicking Restore, the router begins importing the file’s saved configuration settings. After the restore, the router reboots automatically with the restored settings. 3. To erase your current settings and revert to factory default settings, click the Default button.
Unified Services Router User Manual Figure 120: Firmware version information and upgrade option This router also supports an automated notification to determin e if a newer firmware version is available for this router. By clicking the Check Now button in the notification section, the router will check a D -Link server to see if a newer firmware version for this router is available for download and update the Stat us field below. IMPORTANT! After firmware 1.
Unified Services Router User Manual Figure 121: Firmware upgrade and con figuration restore/backup via USB 9.8 Dynamic DNS Setup Tools > Dynamic DNS Dynamic DNS (DDNS) is an Internet service that allows routers with varying public IP addresses to be located using Internet domain names. To use DDNS, you must setup an account with a DDNS provider such as DynDNS.org, D-Link DDNS, or Oray.net. Each configured WAN can have a different DDNS service if required.
Unified Services Router User Manual Figure 122: Dynamic DNS configuration 9.9 Using Diagnostic Tools Tools > System Check The router has built in tools to allow an administrator to evaluate the communication status and overall network health.
Unified Services Router User Manual Figure 123: Router diagnostics tools available in the GUI 9.9.1 Ping This utility can be used to test connectivity between this router and another device on the network connected to this router. Enter an IP address and click PING . The command output will appear indicating the ICMP echo request status. 9.9.2 Trace Route This utility will display all the routers present between the destination IP address and this router.
Unified Services Router User Manual Figure 124: Sample trace route output 9.9.3 DNS Lookup To retrieve the IP address of a Web, FTP, Mail or any other server on the Internet, type the Internet Name in the text box and click Lookup. If the host or domain entry exists, you will see a response with the IP address. A message stating “Unknown Host” indicates that the specified Internet Name does not exist. This feature assumes there is internet access available on the WAN link(s) . 9.9.
Unified Services Router User Manual 9.10 Localization Tools > Set Language The router has built in tools to allow change the default language (English) to four different languages.
Unified Services Router User Manual Chapter 10. Router Status and Statistics 10.1 System Overview The Status page allows you to get a detailed overview of the system configuration. The settings for the wired and wireless interfaces are displayed in the DSR Status page, and then the resulting hardware resource and router usage details are summarized on the router’s Dashboard. 10.1.
Unified Services Router User Manual Figure 126: Device Status display 179
Unified Services Router User Manual Figure 127: Device Status display (continued) 10.1.2 Resource Utilization Status > Device Info > Dashboard The Dashboard page presents hardware and usage statistics. The CPU and Memory utilization is a function of the available hardware and current configuration and traffic through the router. Interface statistics for the wired connections (LAN, WAN1, WAN2/DMZ, VLANs) provide indication of packets through and packets dropped by the interface.
Unified Services Router User Manual Figure 128: Resource Utilization statistics 181
Unified Services Router User Manual Figure 129: Resource Utilization data (continued) 182
Unified Services Router User Manual Figure 130: Resource Utilization data (continued) 10.2 Traffic Statistics 10.2.1 Wired Port Statistics Status > Traffic Monitor > Device Statistics Detailed transmit and receive statistics for each physical port are presented here. Each interface (WAN1, WAN2/DMZ, LAN, and VLANs) have port specific packet level information provided for review.
Unified Services Router User Manual Figure 131: Physical port statistics 10.2.2 Wireless Statistics Status > Traffic Monitor > Wireless Statistics The Wireless Statistics tab displays the incrementing traffic statistics for each enabled access point. This page will give a snapshot of how much traffic is being transmitted over each wireless link. If you suspect that a radio or VAP may be down, the details on this page would confirm if traffic is being sent and received through the VAP.
Unified Services Router User Manual Figure 132: AP specific statistics 10.3 Active Connections 10.3.1 Sessions through the Router Status > Active Sessions This table lists the active internet sessions through the router’s firewall. The session’s protocol, state, local and remote IP addresses are shown.
Unified Services Router User Manual Figure 133: List of current Active Firewall Sessions 186
Unified Services Router User Manual 10.3.2 Wireless Clients Status > Wireless Clients The clients connected to a particular AP can be viewed on this page. Connected clients are sorted by the MAC address and indicate the security parameters used by the wireless link, as well as the time connected to the corresponding AP. The statistics table has auto-refresh control which allows display of the most current port level data at each page refresh. The default auto-refresh for this page is 10 seconds.
Unified Services Router User Manual Figure 135: List of LAN hosts 10.3.4 Active VPN Tunnels Status > Active VPNs You can view and change the status (connect or drop) of the router’s IPsec security associations. Here, the active IPsec SAs (security associations) are listed along with the traffic details and tunnel state. The traffic is a cumulative measure of transmitted/received packets since the tunnel was esta blished.
Unified Services Router User Manual Figure 136: List of current Active VPN Sessions All active SSL VPN connections, both for VPN tunnel and VPN Port forwarding, are displayed on this page as well. Table fields are as follows. Field Description User Name The SSL VPN user that has an active tunnel or port forwarding session to this router. IP Address IP address of the remote VPN client. Local PPP Interface The interface (WAN1 or WAN2) through which the session is active.
Unified Services Router User Manual Chapter 11. Trouble Shooting 11.1 Internet connection Symptom: You cannot access the router’s web-configuration interface from a PC on your LAN. Recommended action: 1. Check the Ethernet connection between the PC and the router. 2. Ensure that your PC’s IP address is on the same subnet as the router. If you are using the recommended addressing scheme, your PC’s address should be in the range 192.168.10.2 to 192.168.10.254. 3. Check your PC’s IP address.
Unified Services Router User Manual Symptom: Router cannot access the Internet. Possible cause: If you use dynamic IP addresses, your router may not have requested an IP address from the ISP. Recommended action: 1. Launch your browser and go to an external site such as www.google.com. 2. Access the firewall’s configuration main menu at http://192.168.10.1. 3. Select Monitoring > Router Status . 4. Ensure that an IP address is shown for the WAN port. If 0.0.0.
Unified Services Router User Manual Symptom: Router can obtain an IP address, but PC is unable to load Internet pages. Recommended action: 1. Ask your ISP for the addresses of its designated Domain Name System (DNS) servers. Configure your PC to recognize those addresses. For details, see your operating system documentation. 2. On your PC, configure the router to be its TCP/IP gateway. 11.2 Date and time Symptom: Date shown is January 1, 1970.
Unified Services Router User Manual 4. Observe the display: If the path is working, you see this message sequence: Pinging with 32 bytes of data Reply from : bytes=32 time=NN ms TTL=xxx If the path is not working, you see this message sequence: Pinging with 32 bytes of data Request timed out 5.
Unified Services Router User Manual Verify that the network (subnet) address of your PC is different from the network address of the remote device. Verify that the cable or DSL modem is connected and functioning. Ask your ISP if it assigned a hostname to your PC. If yes, select Network Configuration > WAN Settings > Ethernet ISP Settings and enter that hostname as the ISP account name. Ask your ISP if it rejects the Ethernet MAC addresses of all but one of your PCs.
Chapter 12. Credits Microsoft, Windows are registered trademarks of Microsoft Corp. Linux is a registered trademark of Linus Torvalds. UNIX is a registered trademark of The Open Group.
Unified Services Router User Manual Appendix A. Glossary ARP Address Resolution Protocol. Broadcast protocol for mapping IP addresses to MAC addresses. CHAP Challenge-Handshake Authentication Protocol. Protocol for authenticating users to an ISP. DDNS Dynamic DNS. System for updating domain names in real time. Allows a domain name to be assigned to a device with a dynamic IP address. DHCP Dynamic Host Configuration Protocol.
Unified Services Router User Manual PPPoE Point-to-Point Protocol over Ethernet. Protocol for connecting a network of hosts to an ISP without the ISP having to manage the allocation of IP addresses. PPTP Point-to-Point Tunneling Protocol. Protocol for creation of VPNs for the secure transfer of data from remote clients to private servers over the Internet. RADIUS Remote Authentication Dial-In User Service. Protocol for remote user authentication and accounting.
Appendix B. Factory Default Settings Feature Device login Internet Connection Description Default Setting User login URL http://192.168.10.1 User name (case sensitive) admin Login password (case sensitive) admin WAN MAC address Use default address WAN MTU size 1500 Port speed Autosense IP address 192.168.10.1 IPv4 subnet mask 255.255.255.0 RIP direction None RIP version Disabled RIP authentication Disabled DHCP server Enabled DHCP starting IP address 192.168.10.
Unified Services Router User Manual Appendix C.
Unified Services Router User Manual Appendix D. Log Output Reference Facility: System (Networking) Log Message DBUpdate event: Table: %s opCode:%d rowId:%d Severity Severity DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG Log Message BridgeConfig: too few arguments to command %s BridgeConfig: too few arguments to command %s sqlite3QueryResGet failed.Query:%s ddnsDisable failed sqlite3QueryResGet failed.Query:%s sqlite3QueryResGet failed.
Unified Services Router nimfAdvOptSetWrap: user has changed MTU option nimfAdvOptSetWrap: MTU: %d nimfAdvOptSetWrap: old MTU size: %d nimfAdvOptSetWrap: old Port Speed Option: %d nimfAdvOptSetWrap: old Mac Address Option: %d nimfAdvOptSetWrap: MacAddress: %s Setting LED [%d]:[%d] For %s l2tpEnable: command string: %s nimfAdvOptSetWrap: handling reboot scenario nimfAdvOptSetWrap: INDICATOR = %d nimfAdvOptSetWrap: UpdateFlag: %d nimfAdvOptSetWrap: returning with status: %s nimfGetUpdateMacFlag: MacTable Flag
Unified Services Router User Manual %s:DBUpdate event: Table: %s opCode:%d rowId:%d %s:%d SIP ENABLE: %s sipTblHandler:failed to update ifStatic sipTblHandler:failed to update Configport DEBUG DEBUG DEBUG DEBUG %s:%d SIP DISABLE: %s DEBUG %s:%d SIP SET CONF: %s DEBUG Failed to open %s: %s Failed to start sipalg DEBUG DEBUG Failed to stop sipalg DEBUG Failed to get config info DEBUG Network Mask: 0x%x DEBUG RTP DSCP Value: 0x%x DEBUG Need more arguments DEBUG Invalid lanaddr DEBUG Inval
Unified Services Router User Manual pPrivSep: %s %s:DBUpdate event: Table: %s opCode:%d rowId:%d Re-Starting sshd daemon.... sshd re-started successfully. sshd stopped . failed query %s vlan disabled, not applying vlan configuration.. failed query %s failed query %s DEBUG no ports present in this vlanId %d failed query %s vlan disabled, not applying vlan configuration.. disabling vlan enabling vlan vlan disabled, not applying vlan configuration..
Unified Services Router User Manual GetDnsFromIsp: %s IdleTimeOutFlag: %s IdleTimeOutValue: %d AuthMetho: %d executing %s ... %s removing %s from bridge%d... %s adding %s to bridge%d... %s DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG stopping bridge... restarting bridge...
Unified Services Router User Manual %s: buffer overflow %s: value of %s in %s table is: %s DEBUG DEBUG Failed to clear vlan for %d Failed to set vlan entry for vlan %d Failed to set vlan entries, while enabling \ Failed to execute vlanConfig binary for port number %d Failed to execute vlanConfig binary for vlanId %d Failed to enable vlan Failed to disable vlan Failed to set vlanPort table entries, while \ Failed to enable vlan unknown vlan state threegMgmtInit: unable to open the database file %s threeg
Unified Services Router User Manual pppoeMgmtTblHandler: NetMask: %s pppoeMgmtTblHandler: AuthOpt: %d pppoeMgmtTblHandler: Satus: %d pppoeEnable: ppp dial string: %s pppoeMgmtDBUpdateHandler: returning with status: %s pptpMgmtTblHandler: MtuFlag: %d DEBUG DEBUG DEBUG DEBUG xl2tpdStop failed writing xl2tpd.conf failed writing options.
Unified Services Router User Manual l2tpMgmtTblHandler: UserName: %s DEBUG l2tpMgmtTblHandler: Password: %s DEBUG l2tpMgmtTblHandler: AccountName: %s DEBUG l2tpMgmtTblHandler: DomainName: %s l2tpMgmtTblHandler: Secret: not specified DEBUG l2tpMgmtTblHandler: Secret: %s l2tpMgmtTblHandler: dynamic MyIp configured DEBUG l2tpMgmtTblHandler: MyIp: %s l2tpMgmtTblHandler: ServerIp: %s l2tpMgmtTblHandler: StaticIp: %s l2tpMgmtTblHandler: NetMask: %s DEBUG DEBUG DEBUG DEBUG l2tpMgmtTblHandler: SplitTu
Unified Services Router User Manual ERROR dhcpcMgmtTblHandler: dhclient enable failed dhcpcMgmtTblHandler: dhcpc release failed dhcpcMgmtTblHandler: dhcpc disable failed dhcpcMgmtDBUpdateHandler: failed query: %s dhcpcMgmtDBUpdateHandler: error in executing " ERROR DHCPv6 Client start failed. ERROR ERROR ERROR DHCPv6 Client stop failed.
Unified Services Router User Manual Created EAP/PEAP context: OK DEBUG Deleted EAP/PEAP context: OK Upper EAP sent us: decision = %d method state = %d P2 decision=(%d); methodState=(%d) Writing message to BIO: ERROR. Encrypted (%d) bytes for P2 P2: sending fragment. P2: message size = %d P2: sending unfragmented message. DEBUG P1: Sending fragment. DEBUG P1: Total TLS message size = (%d) P1: sending unfragmented message.
Unified Services Router User Manual Error rcvd. opCode %d. pCtx NULL. TLS message len changed in the fragment, ignoring. no data to send while fragment ack received. TLS handshake successful. Created EAP/TTLS context: OK Deleted EAP/TTLS context: OK No more fragments in message. ERROR Upper EAP sent us: method state = %d; decision = %d P2: sending fragment.
Unified Services Router User Manual pFB->msgBuff is NULL. Error calculating binary. DEBUG DEBUG Error calculating binary. DEBUG adpDigestInit for SHA1 failed. adpDigestInit for SHA1 failed. DEBUG DEBUG E = %d DEBUG R = %d Could not initialize des-ecb DEBUG DEBUG adpDigestInit for MD4 failed. DEBUG adpDigestInit for SHA1 failed. adpDigestInit for SHA1 failed. Error converting received auth reponse to bin.
Unified Services Router User Manual password change is not allowed for this user DEBUG EAP-PEAP not enabled in system configuration. EAP-WSC not enabled in system configuration. PAP not enabled in system configuration. CHAP not enabled in system configuration. MSCHAP not enabled in system configuration. MSCHAPV2 not enabled in system configuration. PAP/Token not enabled in system configuration. EAP-MD5 not enabled in system configuration. EAP-MSCHAPV2 not enabled in system config.
Unified Services Router User Manual pEapCtx == NULL or pPDU == NULL. received EAP pdu bigger than EAP_MTU_SIZE. received EAP pdu bigger than EAP_MTU_SIZE. state machine is in invalid state. unable to create method context. method ctxCreate failed. method profile set failed. ERROR Could not initialize des-ecb ERROR ERROR Error cleaning cipher context. ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR state machine is in invalid state.
Unified Services Router User Manual Could not open database: %s CPU LOG File not found DEBUG DEBUG MEM LOG File not found cpuMemUsageDBUpdateHandler: update query: %s DEBUG Printing the whole list after inserting %s at %d(minute) %d(hour) %d(dayOfMonth) %d(month)" DEBUG adpCmdExec exited with return code=%d DEBUG %s op=%d row=%d DEBUG sqlite3_mprintf failed DEBUG sqlite3QueryResGet failed: query=%s Printing the whole list after delete %s at %d(minute) %d(hour) %d(dayOfMonth) %d(month)" DEBUG
Unified Services Router User Manual Adding Dictionary Attribute '%s' DEBUG Adding Dictionary Value %s DEBUG Receiving attribute: %s Processing attribute: %s Processing attribute: %s Processing attribute: %s Processing attribute: %s radConfGet: " Added Server %s:%d with " Added Server %s:%d with " Default Timeout Set to %d Default Retry Count Set to %d %s - %s : %d Deleting Server %s:%d with " Adding RowId:%d to Server %s:%d with " rowIds: %d - %d Deleting Server %s:%d with " RADIUS Deconfigured DEBUG
Unified Services Router User Manual Next Synchronization after" Next Synchronization after %d \ Primary is not available, " Secondary is not available, " DEBUG DEBUG DEBUG DEBUG ERROR ERROR ERROR ERROR DEBUG DEBUG DEBUG Unable to set debug for radAuth. Unable to set debug level for radAuth. ERROR: option value not specified Unable to initialize radius Invalid username, challenge or response Unable to set debug for radAuth. Unable to set debug level for radAuth.
Unified Services Router User Manual timeout after semTake srcId=%d(%s) <-- destId=%d(%s) cmd=%d DEBUG memPartAlloc for %d size failed ERROR DEBUG ERROR Un-registerting component with Id %d failed to send ioctl request: dst(%d) <--src(%d) processed a reply dst(%d) <-- src(%d) request with no result option dst(%d) <-src(%d) DEBUG cmd = %s cmdstring is %s %s:%d Calling printerConfig binary ... DEBUG DEBUG DEBUG Calling unmount for USB ... DEBUG Calling mount for USB ...
Unified Services Router cpuMemUsageDBUpdateHandler: SQL error: %s unable to open the DB file %s umiInit failed unable to register to UMI Error Reading from the Database. short DB update event request! User Manual ERROR ERROR ERROR ERROR ERROR ERROR Error in executing DB update handler adpListNodeRemove : Returned with an error command too long. Try increasing " failed to allocate memory for CRON_NODE sqlite3QueryResGet failed There was an error while reading the schedules.
Unified Services Router User Manual wan traffic counters are restared DEBUG Traffic limit has been reached Traffic meter monthly limit has been changed to %d. Enabling traffic meter for only dowload. Enabling traffic meter for both directions. Enabling traffic meter with no limit. Email alert in traffic meter disabled. Email alert in traffic meter enabled.
Unified Services Router User Manual Enabling attack check for L2TP. Enabling attack check for UDP Flood. Enabling attack check for IPsec. Enabling attack check for PPTP. DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG Updating BlockSites Keyword from \ Inserting BlockSites Keyword \ Deleting Trusted Domain \ Adding Trusted Domain \ Restarting Schedule Based Firewall Rules Enabling attack check for L2TP.
Unified Services Router Internet on port %d Enabling remote access management for IP address range" Enabling remote access management to only this PC. Disabling Management Access from Internet on port %d Disabling remote access management for IP address range" Disabling remote access management only to this PC. MAC Filtering %sabled for BLOCK and PERMIT REST. MAC Filtering %sabled for PERMIT and BLOCK REST. Enabling Content Filtering. Disabling Content Filtering.
Unified Services Router User Manual Update FirewallRules6 where ScheduleName = '%s' to New " DEBUG DEBUG fwLBSpillOverConfigure: Could not set POSTROUTING rules fwLBSpillOverConfigure: Something going wrong Here fwL2TPGenericRules.c: unable to open the database file " fwL2TPGenericRules.c: inet_aton failed fwPPTPGenericRules.c: unable to open the database file " fwPPTPGenericRules.
Unified Services Router User Manual Facility: Local0 (Wireless) Log Message (node=%s) setting %s to val = %d Custom wireless event: '%s' Wireless event: cmd=0x%x len=%d New Rogue AP (%02x:%02x:%02x:%02x:%02x:%02x) detected WPS session in progress, ignoring enrolle assoc request Severity DEBUG DEBUG DEBUG Log Message sqlite3QueryResGet failed sqlite3QueryResGet failed VAP(%s) set beacon interval failed Severity ERROR ERROR ERROR DEBUG VAP(%s) set DTIM interval failed ERROR DEBUG ERROR ran query %s
Unified Services Router Got PNAC_EVENT_PREAUTH_SUCCESS event for : %s event for non-existent node %s PNAC_EVENT_EAPOL_START event received PNAC_EVENT_EAPOL_LOGOFF event received PNAC_EVENT_REAUTH event received PNAC_EVENT_AUTH_SUCCESS event received PNAC_EVENT_PORT_STATUS_CHAN GED event received User Manual DEBUG DEBUG unsupported event %d from PNAC event for non-existent node %s. Create new node.
Unified Services Router User Manual sending EAPOL pdu to PNAC... creating pnac authenticator with values %d %d - %s Profile %s does not exist IAPP initialized.
Unified Services Router pnacRecvRtn: no corresponding pnac port pae found sending unicast key User Manual DEBUG DEBUG umiIoctl(UMI_COMP_IAPP,%d) failed Invalid IE.
Unified Services Router from pnacRecvMapi: pkt body len = %d, pktType = %d from pnacPDUProcess: received PNAC_EAP_PACKET User Manual from pnacPDUProcess: currentId = %d from pnacPDUProcess: code = %d, identifier = %d, " from pnacPDUProcess: setting rxResp true from pnacPDUProcess: code = %d, identifier = %d, " DEBUG from pnacPDUProcess: received " DEBUG from pnacPDUProcess: received " from pnacPDUProcess: received PNAC_EAPOL_KEY_PACKET DEBUG doing pnacTxCannedFail DEBUG doing pnacTxCannedSuccess d
Unified Services Router from pnacBackAuthFail: calling pnacTxCannedFail %s returned ERROR pnacUmiIoctlHandler: cmd: %s(%d) %s not configured for 802.1x could not process PDU received from the wire pnacPDUForward: failed to foward the received PDU Creating PHY port with AUTH backend : %s SendRtn: %p RecvRtn:%p pnacUmiAuthConfig: %s not configured for 802.
Unified Services Router User Manual phyPort:%s pnacPortPaeDeconfig:kpnacPortPaeDec onfig failed pnacPortPaeDeconfig:kpnacPortPaeDec onfig failed WARN WARN pnacBackAuthSuccess: failed to notify the destination " WARN could not initialize MGMT framework ERROR umiInit failed ERROR iappInit failed ERROR could not initialize IAPP MGMT. ERROR dot11Malloc failed ERROR buffer length not specified Invalid length(%d) specified Failed to get information about authorized AP list.
Unified Services Router Failed to initiate PBC based enrolle association Invalid association mode.
Unified Services Router User Manual Invalid Cipher type %d Profile supports WEP stas,Group cipher must be WEP ERROR Profile %s does not exist ERROR Profile %s does not exist ERROR Profile %s does not exist invalid pairwise cipher type %d ERROR ERROR Cipher %s is already in the list. ERROR Profile %s does not exist ERROR Invalid Cipher type %d ERROR Cipher %s not found in the list.
Unified Services Router User Manual Error in executing DB update handler ERROR sqlite3QueryResGet failed ERROR: incomplete DB update information. old values result does not contain 2 rows ERROR sqlite3QueryResGet failed ERROR Error in executing DB update handler ERROR sqlite3QueryResGet failed.Query:%s ERROR sqlite3QueryResGet failed.Query:%s ERROR sqlite3QueryResGet failed.Query:%s ERROR sqlite3QueryResGet failed.
Unified Services Router User Manual Invalid config data ERROR Facility: Kernel Log Message DNAT: multiple ranges no longer supported DNAT: Target size %u wrong for %u ranges, Severity Log Message Severity DEBUG %s: %s%s:%d -> %s:%d %s, DEBUG DEBUG DEBUG DNAT: wrong table %s, tablename DNAT: hook mask 0x%x bad, hook_mask %s%d: resetting MPPC/MPPE compressor, DEBUG %s: %s%s:%d %s, %s: Failed to add WDS MAC: %s, dev>name, %s: Device already has WDS mac address attached, %s: Added WDS MAC: %s, dev
Unified Services Router User Manual %s%d: bad sequence number: %d, expected: %d, DEBUG PPPIOCDETACH file->f_count=%d, PPP: outbound frame not passed PPP: VJ decompression error PPP: inbound frame not passed PPP: reconstructed packet PPP: no memory for missed pkts %u..
Unified Services Router %s: mac_del %02X:%02X:%02X:%02X:%02X:%02X, dev->name, addr[0], addr[1], addr[2], addr[3], addr[4], addr[5] %s: mac_kick %02X:%02X:%02X:%02X:%02X:%02X, dev->name, addr[0], addr[1], addr[2], addr[3], addr[4], addr[5] %s: mac_undefined %02X:%02X:%02X:%02X:%02X:%02X, dev->name, addr[0], addr[1], addr[2], addr[3], addr[4], addr[5] %s: addr_add %02X:%02X:%02X:%02X:%02X:%02X, dev->name, addr[0], addr[1], addr[2], addr[3], addr[4], addr[5] %s: addr_del %02X:%02X:%02X:%02X:%02X:%02X, dev->nam
Unified Services Router %s: flow dst=%s, __FUNCTION__, XFRMSTRADDR(fl->fl6_dst, family) %s: flow src=%s, __FUNCTION__, XFRMSTRADDR(fl->fl6_src, family) a guy asks for address mask. Who is it? icmp v4 hw csum failure) expire>> %u %d %d %d, expire, expire++ %u %d %d %d, expire, rt_cache @%02x: %u.%u.%u.%u, hash, rt_bind_peer(0) @%p, NET_CALLER(iph) ip_rt_advice: redirect to ip_rt_bug: %u.%u.%u.%u -> %u.%u.%u.%u, %s, UDP: short packet: From %u.%u.%u.%u:%u %d/%d to %u.%u.%u.%u:%u, UDP: bad checksum. From %d.%d.
Unified Services Router ip_rt_bug: %u.%u.%u.%u -> %u.%u.%u.%u, %s, UDP: short packet: From %u.%u.%u.%u:%u %d/%d to %u.%u.%u.%u:%u, UDP: bad checksum. From %d.%d.%d.%d:%d to %d.%d.%d.%d:%d ulen %d, REJECT: ECHOREPLY no longer supported. ipt_rpc: only valid for PRE_ROUTING, FORWARD, POST_ROUTING, LOCAL_IN and/or LOCAL_OUT targets.
Unified Services Router User Manual %s: failed to register sysctls!, sc>sc_dev->name %s: mac %d.%d phy %d.%d, dev>name, 5 GHz radio %d.%d 2 GHz radio %d.%d, radio %d.%d, ah->ah_analog5GhzRev >> 4, radio %d.
Unified Services Router User Manual WINDOW=%u , ntohs(th->window) RES=0x%02x , (u8)(ntohl(tcp_flag_word(th) & TCP_RESERVED_BITS) >> 22) URGP=%u , ntohs(th->urg_ptr) DEBUG TRUNCATED DEBUG %02X, op[i] DEBUG PROTO=UDP DEBUG INCOMPLETE [%u bytes] , DEBUG SPT=%u DPT=%u LEN=%u , DEBUG SPT=%u DPT=%u LEN=%u , PROTO=ICMP DEBUG DEBUG INCOMPLETE [%u bytes] , TYPE=%u CODE=%u , ich->type, ich>code DEBUG INCOMPLETE [%u bytes] , DEBUG ID=%u SEQ=%u , DEBUG PARAMETER=%u , DEBUG GATEWAY=%u.%u.%u.
Unified Services Router User Manual PHYSOUT=%s , physoutdev->name DEBUG MAC= DEBUG %02x%c, *p, DEBUG NAT: no longer support implicit source local NAT NAT: packet src %u.%u.%u.%u -> dst %u.%u.%u.%u, SNAT: multiple ranges no longer supported format,##args) DEBUG DEBUG DEBUG DEBUG version offset_before=%d, offset_after=%d, correction_pos=%u, x->offset_before, x>offset_after, x->correction_pos DEBUG ip_ct_h323: DEBUG DEBUG %s: Error.
Unified Services Router User Manual >msg_iov[i].iov_base)[j] %02X, skb->data[i] _lvl PPPOL2TP: _fmt, ##args %02X, ptr[length] %02X, ((unsigned char *) m>msg_iov[i].iov_base)[j] %02X, skb->data[i] _lvl PPPOL2TP: _fmt, ##args %02X, ptr[length] %02X, ((unsigned char *) m>msg_iov[i].iov_base)[j] DEBUG DEBUG DEBUG De initializing by \ kernel UMI module loaded kernel UMI module unloaded INFO INFO INFO DEBUG DEBUG DEBUG DEBUG Loading bridge module Unloading bridge module unsupported command %d, cmd Loading
Unified Services Router User Manual test key, key pre-hashed key, key const char *descr, krb5_keyblock *k) { AES 128-bit key, &key const char *descr, krb5_keyblock *k) { test key, key DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG pre-hashed key, key const char *descr, krb5_keyblock *k) { DEBUG DEBUG 128-bit AES key,&dk DEBUG 256-bit AES key, &dk WARNING: bwMonMultipathNxtHopSelect:: checking rates hop :%d dev:%s usableBwLimit = %d currBwShare = %d lastHopSelected = %d weightedHopPrefer = %d , 1.
Unified Services Router User Manual Failed to set AES encrypt key AES %s Decrypt Test Duration: %d:%d, hard ? Hard : Soft, DEBUG ICMP: %u.%u.%u.%u: INFO DEBUG INFO Failed to set AES encrypt key DEBUG Failed to set AES encrypt key DEBUG ICMP: %u.%u.%u.%u: Source Wrong address mask %u.%u.%u.%u from Redirect from %u.%u.%u.
Unified Services Router MD5 Software Test %s, md5SoftTest(0) ? Failed : Passed User Manual DEBUG %s: options rejected: o[0]=%02x, o[1]=%02x, MD5 Hardware Test: MD5 Hardware Test %s, md5HardTest(0) ? Failed : Passed DEBUG DEBUG %s: don't know what to do: o[5]=%02x, *** New port %d ***, ntohs(expinfo>natport) AES Software Test: %d iterations, iter DEBUG ** skb len %d, dlen %d,(*pskb)->len, AES Software Test Duration: %d:%d, DEBUG ********** Non linear skb AES Hardware Test: %d iterations, iter D
Unified Services Router Value = %x ::: At Page = %x : Addr = %x REG Size == 32 Bit Value = %x ::: At Page = %x : Addr = %x User Manual DEBUG WARNIN G WARNIN G WARNIN G WARNIN G WARNIN G WARNIN G WARNIN G DEBUG %s: no rates for %s?, no rates yet! mode %u, sc>sc_curmode DEBUG %u.%u.%u.%u sent an invalid ICMP REG Size is not in 8/16/32/64 Written Value = %x ::: At Page = %x : Addr = %x DEBUG dst cache overflow DEBUG Neighbour table overflow. bcm_ioctl :Unknown Ioctl Case : DEBUG host %u.%u.%u.
Unified Services Router User Manual from G WARNIN G WARNIN G ERROR %s(): ADDBA mode is AUTO, __func__ DEBUG martian source %u.%u.%u.
Unified Services Router User Manual [%d]\tMacAddr\t%s, j, [%d]\tDescp\t\t%s, j, ni>node_trace[i].descp [%d]\tValue\t\t%llu(0x%llx), j, ni>node_trace[i].
Unified Services Router __FUNCTION__ %s: failed to register sysctls!, proc_name PKTLOG_TAG %s: proc_mkdir failed, __FUNCTION__ PKTLOG_TAG %s: pktlog_attach failed for %s, PKTLOG_TAG %s:allocation failed for pl_info, __FUNCTION__ PKTLOG_TAG %s:allocation failed for pl_info, __FUNCTION__ PKTLOG_TAG %s: create_proc_entry failed for %s, PKTLOG_TAG %s: sysctl register failed for %s, PKTLOG_TAG %s: page fault out of range, __FUNCTION__ PKTLOG_TAG %s: page fault out of range, __FUNCTION__ PKTLOG_TAG %s: Log buffer
Unified Services Router %s: cancel DFS WAIT period on channel %d, __func__, sc>sc_curchan.channel Non-DFS channel, cancelling previous DFS wait timer channel %d, sc>sc_curchan.
Unified Services Router User Manual ,__func__ int)len %s: unable to start recv logic, %s: Invalid interface id = %u, __func__, if_id %s: unable to allocate channel table, __func__ %s: Tx Antenna Switch. Do internal reset.
Unified Services Router User Manual >ifName Wakingup due to wow signal %s, wowStatus = 0x%x, __func__, wowStatus DEBUG Pattern added already Error : All the %d pattern are in use.
Unified Services Router User Manual 0x%08x 0x%08x, 0x%08x 0x%08x 0x%08x 0x%08x, DEBUG sc_txq[%d] : , i DEBUG tid %p pause %d : , tid, tid->paused %d: %p , j, tid->tx_buf[j] DEBUG DEBUG %p , buf axq_q: %s: unable to reset hardware; hal status %u, __func__, status DEBUG DEBUG ****ASSERTION HIT**** MacAddr=%s, DEBUG DEBUG TxBufIdx=%d, i DEBUG Tid=%d, tidno AthBuf=%p, tid->tx_buf[i] %s: unable to reset hardware; hal status %u, %s: unable to reset hardware; hal status %u, DEBUG DEBUG %s: unable t
Unified Services Router Index:%d, value:%d, code:%x, rate:%d, flag:%x, i, (int)validRateIndex[i], RateTable:%d, maxvalidrate:%d, ratemax:%d, pRc->rateTableSize,k,pRc>rateMaxPhy User Manual DEBUG DEBUG Can't allocate memory for ath_vap. DEBUG Unable to add an interface for ath_dev.
Unified Services Router User Manual Appendix E.
Unified Services Router User Manual Appendix F. Product Statement 1. DSR-1000N Federal Communications Commission (FCC) Compliance Notice: Radio Frequency Notice This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation.
Unified Services Router User Manual IMPORTANT NOTE: Radiation Exposure Statement This equipment complies with IC radiation exposure limits set forth for an uncontrolled environment. End users must follow the specific operating instructions for satisfying RF exposure compliance. To maintain compliance with IC RF exposure compliance requirements, please follow operation instruction as documented in this manual. This transmitter is restricted to indoor use in the 5150MHz to 5250MHz frequency range.
Unified Services Router User Manual Česky [Czech] [D-Link Corporation] tímto prohlašuje, že tento [DSR-1000N] je ve shodě se základními požadavky a dalšími příslušnými ustanoveními směrnice 1999/5/ES. Dansk [Danish] Undertegnede [D-Link Corporation] erklærer herved, at følgende udstyr [DSR-1000N] overholder de væsentlige krav og øvrige relevante krav i direktiv 1999/5/EF.
Unified Services Router Português [Portuguese] Slovensko [Slovenian] Slovensky [Slovak] User Manual [D-Link Corporation] declara que este [DSR-1000N]está conforme com os requisitos essenciais e outras disposições da Directiva 1999/5/CE. [D-Link Corporation] izjavlja, da je ta [DSR-1000N] v skladu z bistvenimi zahtevami in ostalimi relevantnimi določili direktive 1999/5/ES. [D-Link Corporation] týmto vyhlasuje, že [DSR-1000N] spĺňa základné požiadavky a všetky príslušné ustanovenia Smernice 1999/5/ES.
Unified Services Router User Manual 2.DSR-500N Federal Communications Commission (FCC) Compliance Notice: Radio Frequency Notice This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation.
Unified Services Router User Manual Europe – EU Declaration of Conformity This device complies with the essential requirements of the R&TTE Directive 1999/5/EC. The following test methods have been applied in order to prove presumption of conformity with the essential requirements of the R&TTE Directive 1999/5/EC: - EN 60950-1: 2006+A11:2009 Safety of information technology equipment - EN 300 328 V1.7.
Unified Services Router User Manual Česky [Czech] [D-Link Corporation] tímto prohlašuje, že tento [DSR-500N] je ve shodě se základními požadavky a dalšími příslušnými ustanoveními směrnice 1999/5/ES. Dansk [Danish] Undertegnede [D-Link Corporation] erklærer herved, at følgende udstyr [DSR-500N] overholder de væsentlige krav og øvrige relevante krav i direktiv 1999/5/EF.
Unified Services Router Português [Portuguese] Slovensko [Slovenian] Slovensky [Slovak] User Manual [D-Link Corporation] declara que este [DSR-500N]está conforme com os requisitos essenciais e outras disposições da Directiva 1999/5/CE. [D-Link Corporation] izjavlja, da je ta [DSR-500N] v skladu z bistvenimi zahtevami in ostalimi relevantnimi določili direktive 1999/5/ES. [D-Link Corporation] týmto vyhlasuje, že [DSR-500N] spĺňa základné požiadavky a všetky príslušné ustanovenia Smernice 1999/5/ES.
Unified Services Router User Manual 3.DSR-250N Federal Communication Commission Interference Statement This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation.
Unified Services Router User Manual Regulatory statement (R&TTE) European standards dictate maximum radiated transmit power of 100mW EIRP and frequency range 2.4002.4835GHz; In France, the equipment must be restricted to the 2.4465-2.4835GHz frequency range and must be restricted to indoor use. Operation of this device is subjected to the following National regulations and may be prohibited to use if certain restriction should be applied. D=0.
Unified Services Router User Manual 4. DSR-150N Federal Communication Commission Interference Statement This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation.
Unified Services Router User Manual Electromagnetic compatibility and Radio Spectrum Matters (ERM); ElectroMagnetic Compatibility (EMC) standard for radio equipment and services; Part 1: Common technical requirements EN 301 489-17 V2.1.1 (2009-05) Electromagnetic compatibility and Radio spectrum Matters (ERM); ElectroMagnetic Compatibility (EMC) standard for radio equipment; Part 17: Specific conditions for Broadband Data Transmission Systems This device is a 2.
Unified Services Router [Hungarian] User Manual Polski [Polish] követelményeknek és az 1999/5/EC irányelv egyéb elõírásainak. Niniejszym [nazwa producenta] oświadcza, że [nazwa wyrobu] jest zgodny z zasadniczymi wymogami oraz pozostałymi stosownymi postanowieniami Dyrektywy 1999/5/EC. Português [Portuguese] [Nome do fabricante] declara que este [tipo de equipamento] está conforme com os requisitos essenciais e outras disposições da Directiva 1999/5/CE.
